Re: to_tsquery, plainto_... avoiding bad input, injections. Is there a builtin function for this ? Escaping?

Поиск
Список
Период
Сортировка
От Mohamed
Тема Re: to_tsquery, plainto_... avoiding bad input, injections. Is there a builtin function for this ? Escaping?
Дата
Msg-id 861fed220901080052k5880f1fbkb440a54f7b3761c0@mail.gmail.com
обсуждение исходный текст
Ответ на to_tsquery, plainto_... avoiding bad input, injections. Is there a builtin function for this ? Escaping?  (Mohamed <mohamed5432154321@gmail.com>)
Ответы Re: to_tsquery, plainto_... avoiding bad input, injections. Is there a builtin function for this ? Escaping?
Список pgsql-general
Дерево обсуждения
..... any one?

On Wed, Jan 7, 2009 at 8:07 PM, Mohamed <mohamed5432154321@gmail.com> wrote:
Hi, I am wondering whether or not there exists any built in function for making sure a query/textinput is not harmful or one that escapes them. If not, what kind of things should I watch out for ?

As of now, I get errors on the quote ( ' ) if it is entered in an input and in to_tsquery also on space. What other tokens should I be careful about? How should I handle these ? How do I escape them ?

When fulltext indexing my text, is there any risk that the text being indexed could be harmful if it contains certain characters ?

/ Moe

В списке pgsql-general по дате отправления:

Предыдущее
От: Peter Eisentraut
Дата:
Сообщение: Re: Error: column "host" does not exist
Следующее
От: Reg Me Please
Дата:
Сообщение: Re: to_tsquery, plainto_... avoiding bad input, injections. Is there a builtin function for this ? Escaping?